exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2022-08-05

Zimbra UnRAR Path Traversal
Posted Aug 5, 2022
Authored by Ron Bowes, Simon Scannell | Site metasploit.com

This Metasploit module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. This issue is exploitable on Zimbra Collaboration versions 9.0.0 Patch 24 and below and 8.8.15 Patch 31 and below provided that UnRAR versions 6.11 or below are installed.

tags | exploit, web, arbitrary
systems | linux
advisories | CVE-2022-30333
SHA-256 | ca0f5b8e2038241415fba603b901534752f2529d4c8d1c1134f97e76d1935fef
GNUnet P2P Framework 0.17.3
Posted Aug 5, 2022
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

Changes: DHT has various bugfixes in the protocol. Fixed HTTPS tests in transport. Documentation changes include a migration from texinfo to sphinx, a dropped dependency on texinfo, and an added dependency on sphinx.
tags | tool, web, udp, tcp, peer2peer
systems | unix
SHA-256 | 74c767b8d0c34f60ddfa4e77a1657365d34c484b5ffaeb3796e3f520a9d50c9e
Ubuntu Security Notice USN-5548-1
Posted Aug 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5548-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-3709
SHA-256 | 642abdd532bf60dbf00614089fd0bb3cf3496d49c4c8fc1e8e127732f40e9bdc
Red Hat Security Advisory 2022-5905-01
Posted Aug 5, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5905-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include an out of bounds access vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2319, CVE-2022-2320
SHA-256 | b0e2d819f7b17e4918fe9a9dc70596e170a80b25f38b4b0a1966a791935c5e72
Red Hat Security Advisory 2022-5909-01
Posted Aug 5, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5909-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2021-40528, CVE-2022-1271, CVE-2022-1621, CVE-2022-1629, CVE-2022-21540, CVE-2022-21541, CVE-2022-22576, CVE-2022-25313, CVE-2022-25314, CVE-2022-27774, CVE-2022-27776, CVE-2022-27782, CVE-2022-29824
SHA-256 | 0da1a07e024c5eafb5720d0e3cb6f36908a73f19603470c2bd49233e5b4269e7
Red Hat Security Advisory 2022-5908-01
Posted Aug 5, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5908-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2021-40528, CVE-2022-1271, CVE-2022-1621, CVE-2022-1629, CVE-2022-21540, CVE-2022-21541, CVE-2022-22576, CVE-2022-25313, CVE-2022-25314, CVE-2022-27774, CVE-2022-27776, CVE-2022-27782, CVE-2022-29824
SHA-256 | 21735b4ced5266bed65b1e5716b12ddcbc5a20155a20ca55158673c1b483e442
Ubuntu Security Notice USN-5551-1
Posted Aug 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5551-1 - It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2022-2255
SHA-256 | c0d8b0811cff1c4ea3ce6d3631247e214ed04798446bc13c1afab5378aab94e1
Ubuntu Security Notice USN-5550-1
Posted Aug 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5550-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that GnuTLS incorrectly handled the verification of certain pkcs7 signatures. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-4209, CVE-2022-2509
SHA-256 | e6be1b0f70c52298ac52eaf627c11fe4e6dbb1bfd6bbff03ccc185fa6c027cc5
Ubuntu Security Notice USN-5549-1
Posted Aug 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5549-1 - It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over user machine.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2022-36359
SHA-256 | d6802db37f187944cfcae70e62625c7f67a075d00e01f75cb25bab74570cc154
Ubuntu Security Notice USN-5546-1
Posted Aug 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5546-1 - Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496, CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169
SHA-256 | 84c887787fbc010de3680aa29d38e80563065655d3f3e4aab5622447751585c1
Ubuntu Security Notice USN-5546-2
Posted Aug 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5546-2 - USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496, CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169
SHA-256 | 87c3a989ef7c811d1439e85194a5e4c23b3972fb68b3f204b750638318cec97c
WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery
Posted Aug 5, 2022
Authored by Marco Wotschka | Site wordfence.com

WordPress Ecwid Ecommerce Shopping Cart plugin versions 6.10.23 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2022-2432
SHA-256 | 4d8603e0293338606a482d16c657252dae8f29113703208bc7aafca598be3ca6
Backdoor.Win32.Bushtrommel.122 MVID-2022-0630 Remote Command Execution
Posted Aug 5, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Bushtrommel.122 malware suffers from an unauthenticated remote command execution vulnerability.

tags | exploit, remote
systems | windows
SHA-256 | cf89785b492c836d6c244e6fc3290bceee66fd68edf28a7400e7d2792d8b6e34
Backdoor.Win32.Bushtrommel.122 MVID-2022-0629 Authentication Bypass
Posted Aug 5, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Bushtrommel.122 malware suffers from an authentication bypass vulnerability.

tags | exploit, bypass
systems | windows
SHA-256 | d7fc922486275581f2cf458522575af4443622981bf09a3aaadddd603ff38990
Online Admission System 1.0 SQL Injection
Posted Aug 5, 2022
Authored by syad

Online Admission System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9f6552806e7f79bf6438a86513e24999dcff366eebb104a253377d13284fc82e
WordPress Testimonial Slider And Showcase 2.2.6 Cross Site Scripting
Posted Aug 5, 2022
Authored by yunaranyancat, saitamang, amd_syad

WordPress Testimonial Slider and Showcase plugin version 2.2.6 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 25ecbf595ef86f9db782f57ba84d4478ef9c33a63a205a448ca3413ea4fe1f09
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close